## Tenable CTF - Tech Support Challenge Walkthrough

Tenable CTF - Tech Support Challenge Walkthrough⌗

This challenge was categorized as Misc in the Tenable CTF 2022.

In the challenge description, we are given a domain for an IRC server for tech support. After connecting to the IRC server, I looked for some easy flags, but I realized that there were none at the first glance. In order to dig deeper, I went back to the challenge description and tried to find something useful.

Since the challenge’s name is “Tech Support”, I thought that there might be some channel named “tech”, “support”, “tech-support”, or “help”. I tried to join those channels, and voilà! There was a channel called “help”. After joining the channel, there was a user named “gandalf”, which turned out to be a bot. It was sending messages every three seconds, stating that he uses Arch.

IRC #help Channel

The bot was spamming messages including the words of the meme, “I use arch btw”. But the occasions of the words were looking totally random. So I thought that it must be some kind of encryption technique. After googling about a language involving the words of the meme, I encountered the I use Arch btw programming language.

Now that we have determined how are we going to solve the challenge, we only have to copy and paste some text, right? That was what I thought at the beginning. But no, things were getting harder.

Since there are tens of people in the chanell, everyone was somehow interacting with gandalf and leading the bot to send a lot of messages. Therefore I had hard times trying to understand which messages could lead me to a potential flag.

I waited until the bot calms down, then tried to mess around with the bot to see how to trigger it to send “I use arch btw” codes. It was accepting private messages so I tried to send a few keywords like “arch”, “linux”, “gandalf”, and “windows”. I didn’t expect for the “windows” keyword to trigger the bot, however it started to send messages every three seconds.

I compiled the codes using the “I use arch btw” compiler, and ran them. The code returned a weird string which includes my IRC username, host, and client along with the message I sent to gandalf.

windows turned out to be a rabbit hole. I started looking for other clues. I started reading the I use arch btw’s docs. I couldn’t see anything remarkable at the first glance, but after reading the LANG_SPEC.md for the second time, I encountered the keyword gentoo, which is used for “Printing debugging information”. As a last resort, I sent gentoo to the bot, and checked the #help channel again. The bot was sending different messages now! Afterwards I copied the messages and compiled them. And when I ran the code, it returned me the flag.